Method for management and/or administration of access authorizations in a network

ABSTRACT

Within the scope of the method for management and/or administration of access authorizations in a network, especially of access authorizations for internet and/or network main portals, the user administration is designed as a standardized, web protected and decentralized process. For each main portal, a separate application is required and it is made possible for the user to seek possible internet and/or network main portals.

According to the preamble of claim 1, this invention relates to a method for management and administration of access authorization in a network.

U.S. Pat. No. 6,381,579 B1 describes a system and method by means of a so-called “web-browser”, to make it possible for users to access internet sites with certainty; the users then have a tailored menu for use available. This method was developed in order to ensure the handling of online businesses such as between contractors and customers, as can be the case in a large enterprise. Different users have different access rights which in real time can be changed online.

In enterprises and large organizations effective user management is necessary, especially with relation to access rights to sensitive data. Besides, great flexibility is required in order to take fluctuations in personnel composition and fields of duty into consideration.

The problem on which this invention is based is to provide, for management and/or administration of access authorizations in a network, a method which makes simple and effective management and/or administration possible.

According to the invention said problem is solved by the features of claim 1. Other advantages result from the sub-claims.

It is accordingly proposed to design the user administration as a standardized, preferably web supported and decentralized process. An application of the user is required which is preferably designed to be interactive. Besides, within the scope of an advantageous alternative of the inventive method, it is proposed that for an access to internet and/or network main portal, one application is respectively required, thus making it possible for the users to seek possible internet and/or network main portals.

It is possible, according to the invention, to change personal data or data that is specific to the user after an application has been made at an internet and/or network main portal. This is advantageously done by the user, the positions affected by the change being informed.

According to the invention, a cancellation of an access authorization is further provided which can be initiated by the user, his employer and/or the personnel section.

Below, the invention is explained in detail by way of example with the aid of the drawing which shows:

FIG. 1 is a diagram illustrating the inventive application process;

FIG. 2 is a diagram illustrating the change of personal data of the user according to the inventive method; and

FIG. 3 is one other diagram showing the cancellation of an access authorization.

It is, therefore, proposed according to the invention that for access to internet and/or network main portals, a respective application by the user is required, it being made possible to the user to seek possible internet and/or network main portals.

This is illustrated in FIG. 1. Here the customer or user generates a request, for example, about the firm's internal network (intranet) which contains data of the user (for example, name PC-ID, etc.) and data of the main portal for which access is applied. This step is provided in the Figure with the reference numeral 1.

After dispatch of the request (access request), a notice is sent to the employer and to the customer (reference numeral 2).

Subsequently the access request is dismissed or acknowledged; in case of dismissal, the customer is preferably informed by a notice (reference numeral 4). It is inventively provided that for the case of a “sensitive” and/or new internet and/or network main portal the access request is additionally checked (optional) by another control authority so that a release is effected by the control authority; this step has received the reference numeral 3 in FIG. 1.

For the case of acceptance or acknowledgment of the access request, a notice is generated by the administrator (reference numeral 5 a) which serves to inform that the user's information has been registered at the main portal; this operation can also be advantageously further automated by means of a structured notice (reference numeral 5 b) directly at the main portal. The user's pieces of information are then registered at the main portal (step 6) and the user's data specific to the main portal such as identification and password are received by the main portal or main portal operator. In addition, the request is acknowledged in the administration tool by the administrator.

It is inventively provided that the user's data specific to the main portal is passed to the user or customer either via the administrator or directly by the main portal operator.
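An added illustration of the application process of FIG. 1 (not part of the original specification): a minimal Python model in which registration at the main portal is refused until the request has been acknowledged and, for a sensitive or new main portal, released by the control authority. The employer as the deciding party, the state and role names, and the sample user and portal are assumptions made for the example.

```python
from dataclasses import dataclass, field


@dataclass
class AccessRequest:
    user: str        # user's data (name, PC-ID, ...)
    portal: str      # main portal for which access is applied
    sensitive: bool  # "sensitive" and/or new portal: needs the extra check (step 3)
    state: str = "requested"
    notices: list = field(default_factory=list)

    def __post_init__(self):
        # Step 2: after dispatch, employer and customer receive a notice.
        self.notices += [("employer", "access request"), ("customer", "access request")]

    def decide(self, authority, approve):
        # Assumed role names: "employer" decides first, "control" is the
        # additional control authority for sensitive/new portals.
        expected = {"employer": "requested", "control": "employer_ok"}[authority]
        if self.state != expected:
            raise PermissionError(f"{authority} cannot decide in state {self.state!r}")
        if not approve:
            self.state = "dismissed"
            self.notices.append(("customer", "request dismissed"))  # step 4
        elif authority == "employer" and self.sensitive:
            self.state = "employer_ok"  # release still pending (step 3)
        else:
            self.state = "released"

    def register(self, portal_accounts):
        # Steps 5 and 6: registration is refused unless every required
        # approval has been given, so the extra check cannot be skipped.
        if self.state != "released":
            raise PermissionError(f"cannot register in state {self.state!r}")
        self.notices.append(("administrator", "register user at main portal"))
        portal_accounts.setdefault(self.portal, set()).add(self.user)
        self.state = "registered"


def run_demo():
    accounts = {}  # constructed sample: portal name -> registered users
    req = AccessRequest("alice", "hr-portal", sensitive=True)
    req.decide("employer", True)
    try:
        req.register(accounts)  # control authority has not released yet
        bypassed = True
    except PermissionError:
        bypassed = False
    req.decide("control", True)
    req.register(accounts)
    return bypassed, accounts, req.state
```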

In FIG. 2 is diagrammatically illustrated the inventive procedure to edit personal data. The changes are here initiated by the user, preferably via the web-browser or any other adequate tool (reference numeral 1) and, within the scope of a first alternative, the changes specific to the main portal are relayed via the administrator (reference numeral 2 a) to the main portal wherein the changes are registered (step 3). One other specially advantageous alternative provides that the information about changes specific to the main portal, for example, about a structured notice, are communicated directly to the customer or to the main portal. After effected change, the user can directly receive from the customer a corresponding acknowledgment (step 4).

To cancel the access authorization (see FIG. 3), it is proposed that the user enters a corresponding cancellation petition (reference numeral 1 a), the employer receiving a control mail (reference numeral 1 b), and the cancellation request can be acknowledged or dismissed by the employer; this step corresponds to the reference numeral 1 c in FIG. 3.

The information or cancellation request is then passed, via the administrator, to the main portal (steps 2 and 3) or is advantageously communicated directly to the main portal, for example, via structured notice (step 2 b) where the access is canceled or deactivated. Besides (step 4) an acknowledgment of the cancellation of access is sent to the administrator tool; the user is correspondingly informed, for example, via a notice (step 5 in FIG. 3). Alternatively or additionally, the user can be directly informed by the main portal or customer, as illustrated by the arrow provided with the reference numeral 6.

One advantageous development provides that an access can be canceled or deactivated (arrow 7) by personal appearance via an adequate interface with the administrator tool.

The method introduced here for management and/or administration of access authorizations in a network, makes a transparent, efficient and decentralized means available which offers clearances to the co-workers and to the enterprise of extensive safety and data protection.

1-7. (canceled)
8. A method of one or more of management and administration of access authorizations in a network, particularly of access authorizations for one or more of internet and network main portals, user administration is designed as a standardized, web protected and decentralized process in which one separate application is required for each main gate, a user being able to seek the one or more internet and network main portals.
9. The method according to claim 8, wherein together with the application, a change of user's personal data and a cancellation of the access are made possible.
10. The method according to claim 8, wherein after an application has been made at one or more of an internet and network main portal, data specific to the user or personnel can be changed, this taking place by the user and positions affected by the change being requested.
11. The method according to claim 8, wherein a cancellation of an access authorization at the one or more of internet and network main portals can be initiated by one or more of the user, his employer and a personnel section.
12. The method according to claim 8, wherein the application at the one or more internet and network main portals comprises the following steps: generating and dispatching of a request by the user, the request containing user's data and data of the main portal for which access is requested; generating a notice to an employer and a customer; checking the request, for a case of one or more of “sensitive”, new internet and network main portal, an access request is additionally checked by one other control authority and in case of dismissal, the customer is informed by a notice; in case of acknowledgment or acceptance of the request, generation to the administrator of a notice serving to indicate that user's information has been registered in the main portal or generation of a structured notice directly communicated to the main portal; registering the user's information in the main portal; generation of the user's data specific to the main portal by the main portal or main portal operator and passing said data via the administrator or directly through the main portal or the main portal operator to the user or customer; and acknowledging the request in an administration tool by the administrator.
13. The method according to claim 8, wherein change of user's personal data comprises the following steps: requesting of the changes by the user; relaying of the changes specific to the main portal via the administrator or directly by means of a structured notice to the main portal or to a customer, the changes being registered in the main portal; and optionally acknowledging the changes to the user.
14. The method according to claim 8, wherein cancellation or deactivation of an access comprises the following steps: requesting a cancellation order by one or more of the user, the employer or the personal appearance or, in a case of a request by the user, the employer receives a control notice and the cancellation order can be acknowledged or dismissed by the employer; relaying the information via the administrator or directly to the main portal via structured notice where the access is canceled or deactivated; acknowledging cancellation or deactivation of the access to the administrator tool; notifying the user by one or more of the administration tool and directly by the main portal or customer.